Enterprise threat detection (ETD) typically allows analyzing log data from various enterprise computing systems over known ETD patterns indicating threats to the computing systems. Currently the ETD patterns are processed on a periodic basis, for example, every ten minutes. For this example timeframe, it can take up to ten minutes before a threat can be detected using the EDT pattern; potentially allowing data theft, damage, etc. (including possibly to the ETD system itself) to occur within the enterprise computing system until the threat detection system processes log data against the ETD patterns at the next period threshold. However, increasing the period frequency (for example, to process an ETD pattern every minute or more frequently), raises computational and resource loads on one or more computers due to the increased frequency of processing. As some types of enterprise computing system attacks occur very infrequently (for example, less than once per month), an approach to increase the period frequency is in conflict with a goal to decrease computer operation costs.